On Tue, 2009-02-24 at 07:47 +0300, Alexey Dobriyan wrote:
> > I think what I posted is a decent compromise. It gets you those
> > warnings at runtime and is a one-way trip for any given process. But,
> > it does detect in certain cases (fork() and unshare(FILES)) when it is
> > safe to make the trip back to the "I'm checkpointable" state again.
>
> "Checkpointable" is not even per-process property.
>
> Imagine, set of SAs (struct xfrm_state) and SPDs (struct xfrm_policy).
> They are a) per-netns, b) persistent.
>
> You can hook into socketcalls to mark process as uncheckpointable,
> but since SAs and SPDs are persistent, original process already exited.
> You're going to walk every process with same netns as SA adder and mark
> it as uncheckpointable. Definitely doable, but ugly, isn't it?
>
> Same for iptable rules.
>
> "Checkpointable" is container property, OK?

Ideally, I completely agree. But, we don't currently have a concept of
a true container in the kernel. Do you have any suggestions for any
current objects that we could use in its place for a while?

-- Dave